package com.itheima.jdbc;

import com.itheima.pojo.Account;
import org.junit.jupiter.api.Test;

import java.sql.*;
import java.util.ArrayList;
import java.util.List;

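/**
 * User login demo that deliberately builds its SQL by string concatenation,
 * followed by a demonstration of the SQL injection this makes possible.
 *
 * <p>Both tests run the same query-building code; only the supplied values differ.
 * This shows that the flaw lies in how the statement text is assembled, not in any
 * particular input.
 *
 * <p>Do not copy the concatenation pattern into real code. The fix is a
 * {@link PreparedStatement} with placeholders, e.g.
 * {@code select * from tb_user where username = ? and password = ?}, with both values
 * bound via {@code setString}. Bound values are never parsed as SQL.
 *
 * <p>NOTE(review): the query compares the {@code password} column directly with the
 * supplied value, which suggests the demo table stores passwords unhashed. A real
 * system should store a salted password hash (bcrypt/scrypt/argon2) and verify it in
 * application code.
 */
public class JDBCDemo6_UserLogin {

    // Demo-only connection settings. The short URL form works because the target is the
    // local MySQL instance on the default port 3306.
    // NOTE(review): useSSL=false turns off TLS for the connection, and the credentials
    // are a hard-coded root account. Outside a local exercise, use a least-privilege
    // account and load secrets from configuration, not from source.
    private static final String URL = "jdbc:mysql:///test?useSSL=false";
    private static final String USERNAME = "root";
    private static final String PASSWORD = "1234";

    /**
     * Normal login: ordinary values are concatenated into the query and a row is looked up.
     *
     * @throws SQLException if the connection or the query fails
     */
    @Test
    public void testLogin() throws SQLException {
        // Stand-ins for the user name and password a user would type in.
        String name = "zhangsan";
        String pwd = "123";

        System.out.println(loginWithConcatenatedSql(name, pwd) ? "登录成功" : "登录失败");
    }

    /**
     * Demonstrates SQL injection against the concatenated query.
     *
     * <p>The password value contains quote characters, so after concatenation the
     * statement text ends in {@code password=''or'1'='1'}. The trailing {@code '1'='1'}
     * is always true, so the {@code WHERE} clause is true for every row and the login
     * check passes with no valid credentials.
     *
     * @throws SQLException if the connection or the query fails
     */
    @Test
    public void testLogin_Inject() throws SQLException {
        // Stand-ins for attacker-controlled input; the user name is arbitrary.
        String name = "fsadfas";
        String pwd = "'or'1'='1";

        System.out.println(loginWithConcatenatedSql(name, pwd) ? "登录成功" : "登录失败");
    }

    /**
     * Runs the login lookup using a string-concatenated statement.
     *
     * <p>INTENTIONALLY VULNERABLE: {@code name} and {@code pwd} become part of the SQL
     * text itself, so any quote character in them changes the structure of the
     * statement. This is kept only so the injection test has something to demonstrate.
     *
     * @param name user name as supplied by the caller, inserted into the SQL unescaped
     * @param pwd  password as supplied by the caller, inserted into the SQL unescaped
     * @return {@code true} if the query returned at least one row
     * @throws SQLException if the connection or the query fails
     */
    private static boolean loginWithConcatenatedSql(String name, String pwd) throws SQLException {
        String sql = "select * from tb_user where username='" + name + "' and password='" + pwd + "'";

        // try-with-resources closes the result set, statement and connection in reverse
        // order even when the query throws. The original left the close() calls
        // commented out, so every run leaked a connection.
        try (Connection conn = DriverManager.getConnection(URL, USERNAME, PASSWORD);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            // Any returned row counts as a successful login. That is why a WHERE
            // clause forced to true is enough to get in.
            return rs.next();
        }
    }

}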
